I'm troubleshooting an Outlook Anywhere issue with a new Exchange 2010 server. The server in question, MS2010, is behind a SonicWALL NSA 2400 device and works wonderfully except for Outlook Anywhere. Outlook Anywhere works internally and I've verified (through Ctrl+Right-Click -> Connection Status) that I'm able to connect to MS2010 over HTTPS.
When trying to connect to the server using HTTPS from outside the firewall, I'm unable to do so. A Wireshark trace shows 30 or so successful HTTPS packet transmissions, and then it fails with 3 straight transmissions to a destination port of 135. I have no idea why my computer is attempting to access anything on port 135 since I've setup my profile to use HTTPS on both slow and fast connections.
I'm 99% certain that the firewall is configured correctly. I run Outlook Web Access (also HTTPS) on the same server and there are no issues with access.
EDIT: AutoDiscover correct
EDIT: My Autodiscover settings are correct (as far as I can tell). My server passes the Outlook Anywhere and Autodiscover tests at https://www.testexchangeconnectivity.com/.
I've been using the RPCPing utility to troubleshoot and have come across the following results:
Internally
>rpcping -t ncacn_http -s mail.mydomain.com -o RpcProxy=mail.mydomain.com -P "pk,mydomain,*" -I "pk,mydomain,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R none
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 6.1, Service Pack 1
RPCPinging proxy server mail.mydomain.com with Echo Request Packet
Sending ping to server
Response from server received: 200
Pinging successfully completed in 93 ms
Externally
>rpcping -t ncacn_http -s mail.mydomain.com -o RpcProxy=mail.mydomain.com -P "pk,mydomain,*" -I "pk,mydomain,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R none
RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
Enter password for RPC/HTTP proxy:
RPCPing set Activity ID: {fc8411ba-2987-4175-b37b-801dc69d5ff9}
RPCPinging proxy server mail.mydomain.com with Echo Request Packet
Setting autologon policy to high
WinHttpSetCredentials for target server called
Error 87 : The parameter is incorrect.
returned in WinHttpSetCredentials
Ping failed
What should I be checking in order to troubleshoot my Outlook Anywhere issues? I'm using Windows 7 SP1 for internal and external access.
EDIT: Autodiscover.xml content
<?xml version="1.0"?>
<Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<User>
<DisplayName>John Doe</DisplayName>
<LegacyDN>/o=MYDOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=pk</LegacyDN>
<DeploymentId>d35170cc-f3a7-42c5-9427-1f554a469126</DeploymentId>
</User>
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>EXCH</Type>
<Server>MS2010.MYDOMAIN.local</Server>
<ServerDN>/o=MYDOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MS2010</ServerDN>
<ServerVersion>738180DA</ServerVersion>
<MdbDN>/o=MYDOMAIN/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=MS2010/cn=Microsoft Private MDB</MdbDN>
<ASUrl>https://MS2010.MYDOMAIN.local/EWS/Exchange.asmx</ASUrl>
<OOFUrl>https://MS2010.MYDOMAIN.local/EWS/Exchange.asmx</OOFUrl>
<OABUrl>http://MS2010.MYDOMAIN.local/OAB/2c34c9f5-5521-4c8c-b684-538df815052a/</OABUrl>
<UMUrl>https://MS2010.MYDOMAIN.local/EWS/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<PublicFolderServer>MS2007.MYDOMAIN.local</PublicFolderServer>
<AD>dc1.MYDOMAIN.local</AD>
<EwsUrl>https://MS2010.MYDOMAIN.local/EWS/Exchange.asmx</EwsUrl>
<EcpUrl>https://MS2010.MYDOMAIN.local/ecp/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>EXPR</Type>
<Server>mail.mycompany.com</Server>
<ASUrl>https://mail.mycompany.com/ews/exchange.asmx</ASUrl>
<OOFUrl>https://mail.mycompany.com/ews/exchange.asmx</OOFUrl>
<OABUrl>https://mail.mycompany.com/OAB/2c34c9f5-5521-4c8c-b684-538df815052a/</OABUrl>
<UMUrl>https://mail.mycompany.com/ews/UM2007Legacy.asmx</UMUrl>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<SSL>On</SSL>
<AuthPackage>Basic</AuthPackage>
<CertPrincipalName>msstd:mail.mycompany.com</CertPrincipalName>
<EwsUrl>https://mail.mycompany.com/ews/exchange.asmx</EwsUrl>
<EcpUrl>https://mail.mycompany.com/owa/</EcpUrl>
<EcpUrl-um>?p=customize/voicemail.aspx&exsvurl=1</EcpUrl-um>
<EcpUrl-aggr>?p=personalsettings/EmailSubscriptions.slab&exsvurl=1</EcpUrl-aggr>
<EcpUrl-mt>PersonalSettings/DeliveryReport.aspx?exsvurl=1&IsOWA=<IsOWA>&MsgID=<MsgID>&Mbx=<Mbx></EcpUrl-mt>
<EcpUrl-ret>?p=organize/retentionpolicytags.slab&exsvurl=1</EcpUrl-ret>
<EcpUrl-sms>?p=sms/textmessaging.slab&exsvurl=1</EcpUrl-sms>
</Protocol>
<Protocol>
<Type>WEB</Type>
<Port>0</Port>
<DirectoryPort>0</DirectoryPort>
<ReferralPort>0</ReferralPort>
<Internal>
<OWAUrl AuthenticationMethod="Basic, Fba">https://MS2010.MYDOMAIN.local/owa/</OWAUrl>
<Protocol>
<Type>EXCH</Type>
<ASUrl>https://MS2010.MYDOMAIN.local/EWS/Exchange.asmx</ASUrl>
</Protocol>
</Internal>
<External>
<OWAUrl AuthenticationMethod="Fba">https://mail.mycompany.com/owa/</OWAUrl>
<Protocol>
<Type>EXPR</Type>
<ASUrl>https://mail.mycompany.com/ews/exchange.asmx</ASUrl>
</Protocol>
</External>
</Protocol>
</Account>
</Response>
</Autodiscover>
is the "https://MS2010.MYDOMAIN.local" the URL you're trying to connect to externally? I could be reading your autodiscover wrong, but that's what I'm seeing. If so, that's probably your issue. You need to set your external domain in the outlook anywhere to match what your actual external OWA address is.
http://technet.microsoft.com/en-us/library/aa996902.aspx
See this command as an example: set-OutlookAnywhere -Identity:'CAS01' -ExternalHostName:'site.contoso.com'
Actually, it might be helpful if you could share the following results of: Get-outlookanywhere
Secondly, how is DNS setup? Can we get view of "mydomain.com"?
Do you have port 443 and 80 open on your firewall and pointing to your CAS server?
Does your firewall have a log that you can share?
Basically, if it's not working externally, I'm incline to think its one of the following:
DNS, your firewall or your external outlook anywhere configuration.
New RpcPing.exe is different
Your text shows that you are using two different versions of rpcping.exe.
I just ran into the same problem on my Win10 machine. The old v2.12 is from a Microsoft Resource kit and the new v6.0 is shipped with Win10.
I have not solved this problem yet but I can tell you this: the new versions is different. For example the meaning of the
/Fflag (which you used in your question) seems to have been redefined.Try again with the same versions.
Different versions on my system
I have 2 versions in my path. (The new version has precedence, though.)
Interesting quirk: If you leave out the '*' then it won't show you all versions:
Old version
This version is part of the Windows Server 2003 Resource Kit Tools .
Docmentation here: KB831051: How to use the RPC Ping utility to troubleshoot connectivity issues with the Exchange over the Internet feature in Outlook 2007 and in Outlook 2003 (Archived here.)
VT link: https://www.virustotal.com/file/8c491f2a21badbc40567b8145d8840011bba9a90d30fbb603feeab778680d4ca/analysis/
New version
This version is part of Win10.
Documentation here: TechNet, Windows Server 2012 R2 and Windows Server 2012, Command line reference, Rpcping (Archived here.)
VT link: https://www.virustotal.com/file/38a97fe5038219ee981cb10d469084208525c390b2cccbc63207118165299848/analysis/